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»#b/i7v^7>h77 p y^-^3>^P.ftW7^-b 
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-^-7^U^-3/3>OH»*i¥fftf}1-i:, SiSlHSc 

o7^-trxasij^stBrKi*^77 , y r-i/aygm 

[0 0 0 7] 

fiS<D$f££, JgfllRl^aif SlfflaSSfe LT I C A- K 
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CLAIMS 

[Claim(s)] 

[Claim 1]ln information processing equipment in which a cellular phone which can carry two or 
more rewritable applications, and in which shared access between each application is possible 
is possible, Each application (server application) has shared management information, 
Portable information processing equipment provided with a shared access controlling function 
judging permission/disapproval of access based on shared management information when 
there is an access request from other applications (client application). 
[Claim 2]lnformation processing equipment in which the cellular phone according to claim 1 is 
possible, wherein said shared management information consists of application controlling 
information, access control information, and attestation management information. 
[Claim 3]Access classification for every ID for said application controlling information to specify 
client application, Information processing equipment consisting of information which shows an 
authorized state over said ID and access classification, and request frequency which failed in 
attestation for every access classification and in which the cellular phone according to claim 2 
is possible. 

[Claim 4]lnformation processing equipment which carries out the feature of said access control 
information consisting of a returned value returned to an authentication level for every access 
classification, and accessed client application and in which the cellular phone according to 
claim 2 is possible. 

[Claim 5]lnformation processing equipment in which the cellular phone according to claim 2 is 
possible, wherein said attestation management information consists of access authentication 
conditions and additional deletion attestation conditions according to an authentication level. 
[Claim 6]lnformation processing equipment in which the cellular phone according to claim 1 is 
possible, wherein said shared management information consists of application controlling 
information and additional deletion attestation condition management information. 
[Claim 7]Access classification for every ID for said application controlling information to specify 
client application, Information processing equipment consisting of information which shows an 
authorized state over said ID and access classification, request frequency which failed in 
attestation for every access classification, and access authentication conditions and in which 
the cellular phone according to claim 6 is possible. 

[Claim 8]lnformation processing equipment in which the cellular phone according to claim 6 is 
possible, wherein said additional deletion attestation condition management information 
consists of additional deletion attestation conditions and request frequency. 
[Claim 9]lnformation processing equipment not receiving access after making an authorized 
state a blockade when said request frequency exceeds default value and in which the cellular 
phone according to claim 3, 7, or 8 is possible. 
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[Claim 10]When shared access from client application occurs, information which shows an 
authorized state is an authorized state, And on condition that attestation was materialized, 
server application passes a set of functions of access classification and/or a pointer of an 
object in an authorized state, Information processing equipment in which the cellular phone 
according to claim 3 is possible, wherein client application calls a server's function and a 
function performs processing. 

[Claim 11]From external terminal equipment, to application controlling information Application 
ID, When shared access occurs from client application which access classification was added 
and gained a set of functions of server application, and/or a pointer of an object, If, as for 
server application, client application calls a function of server application for authorized-state 
information on application controlling information with permission on condition that attestation 
was materialized, Information processing equipment in which the cellular phone according to 
claim 7 is possible on condition that access classification of the function concerned judges with 
reference to application controlling information for whether it is an authorized state and it is in 
an authorized state, wherein a function performs processing. 
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[Detailed Description of the Invention] 
[0001] 

[Field of the lnvention]This invention relates to the portable information processing equipment 
(for example, IC card) which can carry two or more rewritable applications, especially relates to 
management of access between applications. 
[0002] 

[Description of the Prior Art]Access between the applications on an IC card has a security top 
problem, and is usually impossible by OS etc. (firewall). However, in the IC card which carries 
two or more applications, in order to use limited resources effectively, it is necessary to allow 
restrictive access (shared access) under the environment mutually managed for the purpose of 
a function and sharing of data. Furthermore, since each application is added and deleted to 
arbitrary timing, a management method also needs to correspond to it. Although this shared 
access is explained below, client application and shared access are permitted for the side 
which requires shared access, and the side which provides a function and information will be 
called server application here. 

[0003]When it carries application in an IC card conventionally, The information on other 
applications predicted that shared access is required beforehand (ID), the parameter 
(PIN:Personal Identification Number) for attestation, etc. are given to each application as data, 
When application wants to access other applications, the attestation parameters (PIN etc.) 
which serve as ID of their application and an argument to the target application are passed. In 
the server application side of which access was required, an access permit/disapproval is 
judged by coincidence/disagreement as compared with the data (group of application ID and 
an attestation parameter) in which he knows passed application ID and an attestation 
parameter beforehand. In adding the information (group of application ID and an attestation 
parameter) about other applications, the program of application is created newly and the 
procedure again reinstalled in an IC card performs. 
[0004] 

[Problem to be solved by the invention]The shared access management in such a conventional 
IC card had the following problems. 

** Since it decided at the time of card issuing, the information on applications other than itself 
was not able to manage permission/disapproval of shared access correctly to the addition or 
deletion of application which were not assumed. It corresponds to the application added later 
as "a case of others", and enables it to accept use restrictively in the former. 
** If the existing application is reput in in order to correspond to the application created later, in 
the case of the IC card of the mechanism in which especially application and data are united 
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and are managed, the data corresponding to the application may also disappear together. 
** Inaccurate application, such as changing an attestation parameter (PIN) and trying access 
repeatedly, may be able to acquire the inaccurate right of shared access. 
[0005]While being for this invention solving an aforementioned problem and enabling it to 
correspond to the addition and deletion of application after card issuing, It aims at raising 
security by supervising unjust shared access and unjust access to shared management 
information, and blockading access to application. 
[0006] 

[Means for solving problem]ln the information processing equipment in which the cellular 
phone in which this invention can carry two or more rewritable applications, and in which the 
shared access between each application is possible is possible, When each application (server 
application) has shared management information and there is an access request from other 
applications (client application), permission/disapproval of access are judged based on shared 
management information. As for this invention, shared management information consists of 
application controlling information, access control information, and attestation management 
information. This invention consists of information which shows the authorized state over 
access classification, and said ID and access classification for every ID for application 
controlling information to specify client application, and request frequency which failed in the 
attestation for every access classification. This invention carries out the feature of access 
control information consisting of a returned value returned to the authentication level for every 
access classification, and the accessed client application. This invention consists of access 
authentication [ management information / attestation ] conditions according to an 
authentication level, and additional deletion attestation conditions. As for this invention, shared 
management information consists of application controlling information and additional deletion 
attestation condition management information. This invention consists of the information which 
shows the authorized state over access classification, and said ID and access classification for 
every ID for application controlling information to specify client application, request frequency 
which failed in the attestation for every access classification, and access authentication 
conditions. As for this invention, additional deletion attestation condition management 
information consists of additional deletion attestation conditions and request frequency. This 
invention does not receive access after making an authorized state a blockade, when request 
frequency exceeds default value. When this invention has the shared access from client 
application, On condition that the information which shows an authorized state is an authorized 
state and attestation was materialized, Server application passes the set of functions of access 
classification and/or the pointer of an object in an authorized state, client application calls a 
server's function, and a function performs processing. This invention from external terminal 
equipment to application controlling information Application ID, When shared access occurs 
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from the client application which access classification was added and gained the set of 
functions of server application, and/or the pointer of the object, If, as for server application, 
client application calls the function of server application for the authorized-state information on 
application controlling information with permission on condition that attestation was 
materialized, The access classification of the function concerned judges with reference to 
application controlling information for whether it is an authorized state, and on condition that it 
is in an authorized state, a function performs processing. 
[0007] 

[Mode for carrying out the invention]Hereafter, with reference to Drawings, an embodiment of 
the invention is described taking the case of an IC card as information processing equipment in 
which a form is possible. 

(The 1st working example) Drawing 1 is a figure explaining the shared management 
information which each application carried in an IC card has. Shared management information 
consists of application controlling information ( drawing 1 (a)), access control information 
( drawing 1 (b)), and attestation management information ( drawing 1 (c)). Although application 
controlling information consists of ID (AID) of client application, access classification (TYPE), 
an authorized state, and request frequency, the shared access from client application is 
managed and each application owns separately, It is not necessary to have the application 
which does not provide a shared access function. In that case, the shared access demand 
from which application will also be received. 

[0008]Application ID (AID) is a number unique within an IC card at least for specifying client 
application. Access classification (TYPE) specifies data, the function and object (unit which put 
data and a function together) which are shared between the classification of access given to 
the application, and the number showing those sets, or it may be made to specify a direct 
address, a pointer, and a function name. 

[0009]An authorized state shall express the authorized state of access to a certain application 
ID and access classification, and shall express permission / disapproval / blockade at worst. In 
addition, in order to make an access speed quick, once attestation is successful, it may be 
made to establish states, such as "momentary permission" etc. which limited "regular 
permission" and the number of times which do not need to attest after that, and a term. In a 
state of obstruction, the attestation of shared access itself is not received so that it may 
mention later. Request frequency counts the number of times which failed in attestation of 
access classification, and the number of times of the authentication failure of the 
addition/deletion request to application controlling information. It may be made to add an item 
so that both can be divided and counted about an addition and deletion. 
[0010]Access control information consists of access classification, an authentication level, and 
a returned value. An authentication level is a number which shows the level of attestation 
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required at the time of the shared access. Returned values are those sets, such as a pointer to 
a function name, a variable identifier, and a function, a pointer to a variable, reference to an 
object, a real address, and a value (the value to a variable itself), in the reference value for the 
shared access returned to client application. 

[001 1]Attestation management information consists of an attestation bell, access 
authentication conditions (PIN1), and addition/deletion attestation conditions (collation with 
PIN2 which it has beforehand for an addition/deletion). Shared access is allowed, when there 
is a demand of the shared access of a certain authentication level and the access 
authentication conditions (comparison with PIN2 currently held beforehand) corresponding to it 
are fulfilled. 

[0012]As it supposes that an addition/deletion in an application name and the group unit of 
access classification are possible for application controlling information and is shown in 
drawing 1 (b) in that case, The authentication level corresponding to access classification is 
set up, and different PIN for every level is prepared like drawing 1 (c) so that it may be carried 
out, on condition that addition/deletion attestation conditions corresponding to the 
authentication level are fulfilled. 

[0013]Next, the procedure of an addition/deletion of application controlling information is 
explained. 

** Pass application ID, the access classification, and the attestation parameter (PIN) to add 

(deletion) to server application from the client application or terminal side. 

** Server application searches the attestation conditions corresponding to access 

classification, and carries out authenticating processings (collation of PIN, etc.). If it succeeds 

in attestation, application ID, access classification, and an authorized state (permission) will be 

added to the application controlling information which he has. 

** In order to prevent unlawful access from inaccurate application or the outside, when 

attestation goes wrong and the increase of one and the specific number of times are reached 

in the count of request frequency, "blockade" an authorized state, and blockade the addition of 

application ID and access classification, and a deletion request after it. Unblocking cannot be 

performed or it is made to need specific attestation. 

[0014]Next, the procedure of shared access management is explained. 

** An access request occurs in data or processing through direct or OS from client application. 

** Server application searches an authorized-state flag from the group of application ID and 

access classification with reference to a shared management table, It is permission, and if 

attestation conditions suit, the means of access is provided as returned values (data, the 

reference address to a function, etc.) to client application. 

[0015] Drawing 2 is a figure explaining the shared management information which each 
application has (it stores in a memory area). Application has its application ID (AID) and the 
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information on a shared management table so that it may illustrate, and the application of AIDO 
has application controlling information, access control information, and attestation 
management information about AID1 and AID2. The memory area where the data which 
application originally has by a diagram, a function, and others are stored is omitting the graphic 
display. Below, the application of AIDO, and 1 and 2 will be called the applications 0, 1, and 2, 
respectively. 

[0016] Drawing 3 is a figure explaining the example which asks for shared access from client 
application. The example of the figure shows signs that the application 1 asks for the access 
permit of the access classification 1 from the application 0. PIN1 is 1234, and the application 0 
which serves as a server checks that it is in agreement and that an access state is permission 
(flag =1), takes [ attestation PIN is searched from the group of AID and TYPE (access 
classification), and ] out an access permit, and returns the reference to a shared data function. 
[0017] Drawing 4 is a figure showing an example which fails in shared access. Signs that the 
application 3 is asking for permission of the access classification (TYPE) 2 from the application 
0 are shown. Since the application 0 which serves as a server does not have a group of AID3 
and TYPE2 in a shared management table, it does not issue shared access permission. 
[0018] Drawing 5 is a figure showing an example which adds application to shared 
management information. Signs that the application 3 adds application to shared management 
information to the application 0 are shown, and the application 3 sends AID=3, TYPE=2, and 
an attestation parameter (PIN2=8765) corresponding to it to the application 0 which serves as 
a server. The application 0 compares PIN=8765 [ required to add the right to access of 
TYPE=2 ] (it holds beforehand) of the authentication level 2 with PIN2 from the application 3, 
and since both are in agreement, it adds AID3 and TYPE2 to shared management information. 
As a result, as shown in drawing 6 , the application 3 is added to shared management 
information. 

[001 9] Drawing 7 is a figure showing the adding processing flow of shared access and 
application controlling information. It is judged that a call (a function call or communication) 
occurs from an external terminal or a client whether it is an access request (Step S2). (Step 
S1) It is judged whether application controlling information has the AID and TYPE as it is an 
access request (Step S3), when application controlling information has AID TYPE, 
subsequently authenticating processing (PIN - do coincidence or not?) is performed (step S4), 
and when PIN is in agreement, the reference (returned value) corresponding to access 
classification is returned (Step S5). In step S4, when PIN is not in agreement, the request 
frequency of application controlling information is added one time (Step S6), It judges whether 
request frequency exceeded default value (Step S7), when it exceeds, the authorized-state 
flag of application controlling information is set to 2, and access of this application is blockaded 
(Step S8). In Step S2, when it is not an access request, it is judged whether it is an addition 
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request to application controlling information (step S9). When it is an addition request, an 
authentication level is searched from access classification and PIN of the authentication level 2 
for an addition is obtained (Step S10). Subsequently, it judges whether PIN is in agreement 
(Step S11), in being in agreement, it judges whether application controlling information has 
AID and access classification (Step S12), when there is nothing, it adds to application 
controlling information, and an authorized-state flag is set to 1. It judges whether it is 
blockaded when application controlling information has AID access classification (Step S13), 
when blockaded, processing is ended, and when not blockaded, an authorized-state flag is set 
to 1. 

[0020] Drawing 8 is a process flow explaining a procedure of shared access management. 
From an external terminal or a client, to application controlling information AID, access 
classification, If an authorized state is added (Step S21) and a client asks for shared access 
(Step S22), An authorized state is permission or it judges whether PIN is in agreement (Step 
S23), when not filling these, access is made into disapproval, and in filling, a server returns a 
pointer to a set of functions of access classification permitted to a client (Step S24). A client 
calls a server's function (Step S25), and a function (in practice object) performs processing 
(Step S26). Since a pointer to a function already granted a permission is given at this time, a 
check in particular is not carried out but processing is performed. 

(The 2nd working example) When a pointer to a function was obtained, were trying to prepare 
PIN which enables it to access freely and is different for every authentication level, if 
attestation conditions differ for every access classification and it has become an authorized 
state in the 1st working example, but. PIN which sets attestation conditions to application ID to 
access classification, and is different for every level is not prepared, but when there is access, 
all the pointers are returned, and the function itself explains below an example which referred 
to an authorized state at the time of execution of each function. 

[0021] Drawing 9 is a figure explaining shared management information, and consists of 
application controlling information and additional deletion attestation condition management 
information. Application controlling information consists of AID, access classification, an 
authorized state, request frequency, and attestation conditions ( drawing 9 (a)), and additional 
deletion attestation condition management information consists of attestation conditions (PIN2) 
and request frequency. And application controlling information enables addition and deletion 
per group of an application name and access classification, and it becomes conditions in that 
case to fulfill the additional deletion attestation conditions of drawing 9 (b). 
[0022]The additional procedure of the access control information in the 2nd working example is 
explained. 

** Pass the attestation conditions for additional deletion (PIN2) to server application from the 
terminal side. If attestation is successful, in order to progress to the next and to prevent 
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unlawful access from inaccurate application or the outside, when attestation goes wrong, the 
count of request frequency "is blockaded" when reaching the increase of one, and the specific 
number of times, and the addition to server application and a deletion request are blockaded 
after it. Unblocking cannot be performed or needs specific attestation. 
** Pass application ID, the access classification, and the attestation parameter (PIN1) which 
are added from the terminal side to server application. Server application adds application ID, 
access classification, and attestation conditions (PIN1) to the application controlling 
information which he has. 

[0023]Next, the procedure of deletion of application controlling information is explained. 
** Pass the attestation conditions for additional deletion (PIN2) to server application from the 
terminal side. If attestation is successful, in order to progress to the next and to prevent 
unlawful access from inaccurate application or the outside, when attestation goes wrong, the 
counter of request frequency "is blockaded" when reaching the increase of one, and the 
specific number of times, and the additional deletion request to server application is blockaded 
after it. Unblocking cannot be performed or needs specific attestation. 
** Pass application ID, the access classification, and the attestation parameter (PIN1) which 
are deleted from the terminal side to server application. 

** Server application searches application ID and access classification from the inside of the 
application controlling information which he has, and checks them about attestation conditions 
(PIN1). If attestation is successful, the management information to the application ID and 
access classification will be deleted. 

[0024]Next, the procedure of shared access management is explained. 
** Require shared access through direct or OS from client application, and the reference 
pointer to each function (in practice object) comes on the contrary from server application. 
** Client application sends AID and PIN for access classification attestation as a parameter 
through the above-mentioned reference pointer. 

** If a server (in practice a server's function for attestation) searches attestation conditions from 
the group of application ID and access classification and it succeeds in attestation with 
reference to a management table, he will set a permit flag and will be taken as an authorized 
state. 

** A client calls each function currently shared from the server, and also passes AID as a 
parameter. 

** With reference to a management table, the permit flag corresponding to AID and access 
classification (it is defined beforehand to which access classification each function belongs) 
confirms whether be "permission" or not, and if each function of the called server is permission, 
it will perform processing. 

[0025] Drawing 10 is a figure explaining the shared management information which application 
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has, and it is shown that the application 0 has additional deletion attestation condition 
PIN2=4321 with the management information about AID1 and 2. 

[0026] Drawing 1 1 is a figure showing the example which asks for shared access from client 
application. Signs that the application 1 is asking for the access permit of the access 
classification 1 to the application 0 are shown, the application 0 which serves as a server 
searches attestation PIN from the group of AID and access classification, and PIN1 is 1234, 
respectively and it checks the right thing. Since PIN1 was in agreement, the authorized-state 
flag is set to 1 about AID1 and TYPE1 ( drawing 12) . 

[00271 Drawing 13 is a figure showing the example which failed in shared access. The 
application 1 is asking for the access permit of the access classification 1 from the application 
0, Since AID1 and PIN1 of the access classification 1 are 1234 and PIN1 which the application 
1 has presented is 4321, attestation is not materialized and the application 0 which serves as a 
server does not issue shared access permission. 

[0028] Drawing 14 is a figure showing the example which adds application to shared 
management information. The application 3 sends the access classification 2, attestation 
parameter PIN1 corresponding to it, and PIN2 to the application 0 which serves as a server to 
the application 0. Since PIN2=4321 which attests about attestation conditions (PIN2) required 
to add the right to access of the application 0, and is sent from the application 3 is in 
agreement with PIN2=4321 which the application 0 has, AID=3, TYPE=2, and PIN1=9876 are 
added as shown in drawing 15 . 

[00291 Drawing 16 is a figure showing the process flow of the 2nd working example. 
[0030]lt is judged that the call from the outside occurs whether it is an authentication demand 
of shared access (Step S32). (Step S31) When it is a shared access authentication demand, it 
is judged whether application controlling information has the AID and access classification 
(Step S33). It judges whether in a certain case, it is blockaded (Step S34), and when not 
blockaded, it is judged whether PIN is in agreement (Step S35). Coincidence of PIN will set the 
authentication flag corresponding to AID and access classification (Step S36). If PIN is not in 
agreement, the request frequency of application controlling information is made to increase 
one time in Step S35 (Step S37), Subsequently, it judges whether request frequency exceeded 
default value (Step S38), when having exceeded, the flag of AID and access classification to 
which application controlling information corresponds is set to 2, and it blockades (Step S39). 
In Step S32, when it is not the demand of shared access attestation, it is judged whether it is 
the function-designator demand currently shared (Step S40). The access classification of the 
function called as it is a function-designator demand is set (Step S41), it judges whether 
subsequently to application controlling information there are the AID and access classification 
(Step S42), and it is judged whether in a certain case, it is blockaded (Step S43). When not 
blockaded, processing of the function called when it judged whether the authentication flag 
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would stand (Step S44) and the authentication flag stood is performed (Step S45). 
[0031] Drawing 17 is a process flow which shows the procedure of the shared access 
management in the 2nd working example. The client application with which AID and access 
classification were added to application controlling information (Step S51) can obtain the 
pointer of the set of functions of server application from an external terminal (Step S52). If this 
client application requires shared access (Step S53), If server application judges whether PIN 
is in agreement (Step S54), its PIN corresponds, the authorized state of application controlling 
information is made "permission" (Step S55) and it is not in agreement, let it be disapproval. 
Subsequently, if client application calls the function of server application (Step S56), If it judges 
[ whether the access classification of this function is in an authorized state, and ] with 
reference to application controlling information (Step S57) and is in an authorized state, a 
function will perform processing, and it will become access disapproval if it is not an authorized 
state. 
[0032] 

[Effect of the lnvention]As mentioned above, in the shared access management [ according to 
this invention ] in the portable information processing equipment which can carry two or more 
applications, It is possible to be able to manage permission/disapproval of access classification 
correctly also to the addition and deletion of application which were not assumed at the 
beginning, and to make a function and data accessible/impossible. It becomes possible to 
prevent the shared access from inaccurate application and to prevent acquisition of the 
inaccurate right of shared access. 
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TECHNICAL FIELD 

[Field of the lnvention]This invention relates to the portable information processing equipment 
(for example, IC card) which can carry two or more rewritable applications, especially relates to 
management of access between applications. 
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[Description of the Prior ArtJAccess between the applications on an IC card has a security top 
problem, and is usually impossible by OS etc. (firewall). However, in the IC card which carries 
two or more applications, in order to use limited resources effectively, it is necessary to allow 
restrictive access (shared access) under the environment mutually managed for the purpose of 
a function and sharing of data. Furthermore, since each application is added and deleted to 
arbitrary timing, a management method also needs to correspond to it. Although this shared 
access is explained below, client application and shared access are permitted for the side 
which requires shared access, and the side which provides a function and information will be 
called server application here. 

[0003]When it carries application in an IC card conventionally, The information on other 
applications predicted that shared access is required beforehand (ID), the parameter 
(PINPersonal Identification Number) for attestation, etc. are given to each application as data, 
When application wants to access other applications, the attestation parameters (PIN etc.) 
which serve as ID of their application and an argument to the target application are passed. In 
the server application side of which access was required, an access permit/disapproval is 
judged by coincidence/disagreement as compared with the data (group of application ID and 
an attestation parameter) in which he knows passed application ID and an attestation 
parameter beforehand. In adding the information (group of application ID and an attestation 
parameter) about other applications, the program of application is created newly and the 
procedure again reinstalled in an IC card performs. 
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[Effect of the lnvention]As mentioned above, in the shared access management [ according to 
this invention ] in the portable information processing equipment which can carry two or more 
applications, It is possible to be able to manage permission/disapproval of access classification 
correctly also to the addition and deletion of application which were not assumed at the 
beginning, and to make a function and data accessible/impossible. It becomes possible to 
prevent the shared access from inaccurate application and to prevent acquisition of the 
inaccurate right of shared access. 
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[Problem to be solved by the invention]The shared access management in such a conventional 
IC card had the following problems. 

** Since it decided at the time of card issuing, the information on applications other than itself 
was not able to manage permission/disapproval of shared access correctly to the addition or 
deletion of application which were not assumed. It corresponds to the application added later 
as "a case of others", and enables it to accept use restrictively in the former. 
** If the existing application is reput in in order to correspond to the application created later, in 
the case of the IC card of the mechanism in which especially application and data are united 
and are managed, the data corresponding to the application may also disappear together. 
** Inaccurate application, such as changing an attestation parameter (PIN) and trying access 
repeatedly, may be able to acquire the inaccurate right of shared access. 
[0005]While being for this invention solving an aforementioned problem and enabling it to 
correspond to the addition and deletion of application after card issuing, It aims at raising 
security by supervising unjust shared access and unjust access to shared management 
information, and blockading access to application. 
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MEANS 

[Means for solving problem]ln information processing equipment in which a cellular phone in 
which this invention can carry two or more rewritable applications, and in which shared access 
between each application is possible is possible, When each application (server application) 
has shared management information and there is an access request from other applications 
(client application), permission/disapproval of access are judged based on shared 
management information. As for this invention, shared management information consists of 
application controlling information, access control information, and attestation management 
information. This invention consists of information which shows an authorized state over 
access classification, and said ID and access classification for every ID for application 
controlling information to specify client application, and request frequency which failed in 
attestation for every access classification. This invention carries out the feature of access 
control information consisting of a returned value returned to an authentication level for every 
access classification, and accessed client application. This invention consists of access 
authentication [ management information / attestation ] conditions according to an 
authentication level, and additional deletion attestation conditions. As for this invention, shared 
management information consists of application controlling information and additional deletion 
attestation condition management information. This invention consists of information which 
shows an authorized state over access classification, and said ID and access classification for 
every ID for application controlling information to specify client application, request frequency 
which failed in attestation for every access classification, and access authentication conditions. 
As for this invention, additional deletion attestation condition management information consists 
of additional deletion attestation conditions and request frequency. This invention does not 
receive access after making an authorized state a blockade, when request frequency exceeds 
default value. When this invention has the shared access from client application, On condition 
that information which shows an authorized state is an authorized state and attestation was 
materialized, Server application passes a set of functions of access classification and/or a 
pointer of an object in an authorized state, client application calls a server's function, and a 
function performs processing. This invention from external terminal equipment to application 
controlling information Application ID, When shared access occurs from client application 
which access classification was added and gained a set of functions of server application, 
and/or a pointer of an object, If, as for server application, client application calls a function of 
server application for authorized-state information on application controlling information with 
permission on condition that attestation was materialized, Access classification of the function 
concerned judges with reference to application controlling information for whether it is an 
authorized state, and on condition that it is in an authorized state, a function performs 
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processing. 
[0007] 

[Mode for carrying out the invention]Hereafter, with reference to Drawings, an embodiment of 
the invention is described taking the case of an IC card as information processing equipment in 
which a form is possible. 
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EXAMPLE 

(The 1st working example) Drawing 1 is a figure explaining the shared management 
information which each application carried in an IC card has. Shared management information 
consists of application controlling information ( drawing 1 (a)), access control information 
(drawing 1 (b)), and attestation management information ( drawing 1 (c)). Although application 
controlling information consists of ID (AID) of client application, access classification (TYPE), 
an authorized state, and request frequency, the shared access from client application is 
managed and each application owns separately, It is not necessary to have the application 
which does not provide a shared access function. In that case, the shared access demand 
from which application will also be received. 

[0008]Application ID (AID) is a number unique within an IC card at least for specifying client 
application. Access classification (TYPE) specifies data, the function and object (unit which put 
data and a function together) which are shared between the classification of access given to 
the application, and the number showing those sets, or it may be made to specify a direct 
address, a pointer, and a function name. 

[0009]An authorized state shall express the authorized state of access to a certain application 
ID and access classification, and shall express permission / disapproval / blockade at worst. In 
addition, in order to make an access speed quick, once attestation is successful, it may be 
made to establish states, such as "momentary permission" etc. which limited "regular 
permission" and the number of times which do not need to attest after that, and a term. In a 
state of obstruction, the attestation of shared access itself is not received so that it may 
mention later. Request frequency counts the number of times which failed in attestation of 
access classification, and the number of times of the authentication failure of the 
addition/deletion request to application controlling information. It may be made to add an item 
so that both can be divided and counted about an addition and deletion. 
[0010]Access control information consists of access classification, an authentication level, and 
a returned value. An authentication level is a number which shows the level of attestation 
required at the time of the shared access. Returned values are those sets, such as a pointer to 
a function name, a variable identifier, and a function, a pointer to a variable, reference to an 
object, a real address, and a value (the value to a variable itself), in the reference value for the 
shared access returned to client application. 

[001 1]Attestation management information consists of an attestation bell, access 
authentication conditions (PIN1), and addition/deletion attestation conditions (collation with 
PIN2 which it has beforehand for an addition/deletion). Shared access is allowed, when there 
is a demand of the shared access of a certain authentication level and the access 
authentication conditions (comparison with PIN2 currently held beforehand) corresponding to it 
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are fulfilled. 

[0012]As it supposes that an addition/deletion in an application name and the group unit of 
access classification are possible for application controlling information and is shown in 
drawing 1 (b) in that case, The authentication level corresponding to access classification is 
set up, and different PIN for every level is prepared like drawing 1 (c) so that it may be carried 
out, on condition that addition/deletion attestation conditions corresponding to the 
authentication level are fulfilled. 

[0013]Next, a procedure of an addition/deletion of application controlling information is 
explained. 

** Pass application ID, access classification, and an attestation parameter (PIN) to add 
(deletion) to server application from the client application or terminal side. 
** Server application searches attestation conditions corresponding to access classification, 
and carries out authenticating processings (collation of PIN, etc.). If it succeeds in attestation, 
application ID, access classification, and an authorized state (permission) will be added to 
application controlling information which he has. 

** In order to prevent unlawful access from inaccurate application or the outside, when 

attestation goes wrong and the increase of one and the specific number of times are reached 

in a count of request frequency, "blockade" an authorized state, and blockade an addition of 

application ID and access classification, and a deletion request after it. Unblocking cannot be 

performed or it is made to need specific attestation. 

[0014]Next, a procedure of shared access management is explained. 

** An access request occurs in data or processing through direct or OS from client application. 

** Server application searches an authorized-state flag from a group of application ID and 

access classification with reference to a shared management table, It is permission, and if 

attestation conditions suit, a means of access is provided as returned values (data, a reference 

address to a function, etc.) to client application. 

[0015] Drawing 2 is a figure explaining shared management information which each application 
has (it stores in a memory area). Application has its application ID (AID) and the information on 
a shared management table so that it may illustrate, and application of AIDO has application 
controlling information, access control information, and attestation management information 
about AID1 and AID2. A memory area where data which application originally has by a 
diagram, a function, and others are stored is omitting a graphic display. Below, application of 
AIDO, and 1 and 2 will be called the applications 0, 1, and 2, respectively. 
[00161 Drawing 3 is a figure explaining an example which asks for shared access from client 
application. An example of a figure shows signs that the application 1 asks for an access 
permit of the access classification 1 from the application 0. PIN1 is 1234, and the application 0 
which serves as a server checks that it is in agreement and that an access state is permission 
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(flag =1), takes [ attestation PIN is searched from a group of AID and TYPE (access 
classification), and ] out an access permit, and returns reference to a shared data function. 
[0017] Drawing 4 is a figure showing the example which fails in shared access. Signs that the 
application 3 is asking for permission of the access classification (TYPE) 2 from the application 
0 are shown. Since the application 0 which serves as a server does not have a group of AID3 
and TYPE2 in a shared management table, it does not issue shared access permission. 
[0018] Drawing 5 is a figure showing the example which adds application to shared 
management information. Signs that the application 3 adds application to shared management 
information to the application 0 are shown, and the application 3 sends AID=3, TYPE=2, and 
the attestation parameter (PIN2=8765) corresponding to it to the application 0 which serves as 
a server. The application 0 compares PIN=8765 [ required to add the right to access of 
TYPE=2 ] (it holds beforehand) of the authentication level 2 with PIN2 from the application 3, 
and since both are in agreement, it adds AID3 and TYPE2 to shared management information. 
As a result, as shown in drawing 6 , the application 3 is added to shared management 
information. 

[00191 Drawing 7 is a figure showing the adding processing flow of shared access and 
application controlling information. It is judged that a call (a function call or communication) 
occurs from an external terminal or a client whether it is an access request (Step S2). (Step 
S1) It is judged whether application controlling information has the AID and TYPE as it is an 
access request (Step S3), when application controlling information has AID TYPE, 
subsequently authenticating processing (PIN - do coincidence or not?) is performed (step S4), 
and when PIN is in agreement, the reference (returned value) corresponding to access 
classification is returned (Step S5). In step S4, when PIN is not in agreement, the request 
frequency of application controlling information is added one time (Step S6), It judges whether 
request frequency exceeded default value (Step S7), when it exceeds, the authorized-state 
flag of application controlling information is set to 2, and access of this application is blockaded 
(Step S8). In Step S2, when it is not an access request, it is judged whether it is an addition 
request to application controlling information (step S9). When it is an addition request, an 
authentication level is searched from access classification and PIN of the authentication level 2 
for an addition is obtained (Step S10). Subsequently, it judges whether PIN is in agreement 
(Step S11), in being in agreement, it judges whether application controlling information has 
AID and access classification (Step S12), when there is nothing, it adds to application 
controlling information, and an authorized-state flag is set to 1 . It judges whether it is 
blockaded when application controlling information has AID access classification (Step S13), 
when blockaded, processing is ended, and when not blockaded, an authorized-state flag is set 
to 1. 

[0020] Drawing 8 is a process flow explaining the procedure of shared access management. 
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From an external terminal or a client, to application controlling information AID, access 
classification, If an authorized state is added (Step S21) and a client asks for shared access 
(Step S22), An authorized state is permission or it judges whether PIN is in agreement (Step 
S23), when not filling these, access is made into disapproval, and in filling, a server returns the 
pointer to the set of functions of the access classification permitted to the client (Step S24). A 
client calls a server's function (Step S25), and a function (in practice object) performs 
processing (Step S26). Since the pointer to the function already granted a permission is given 
at this time, a check in particular is not carried out but processing is performed. 
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DESCRIPTION OF DRAWINGS 

[Brief Description of the Drawings] 

[Drawing 1] lt is a figure explaining the shared management information which each application 
carried in an IC card has. 

[Drawing 2] lt is a figure explaining the shared management information which each application 
has. 

[Drawing 3] It is a figure explaining the example which asks for shared access from client 
application. 

[Drawing 4] lt is a figure showing the example which fails in shared access. 

[Drawing 5] lt is a figure showing the example which adds application to shared management 

information. 

[Drawing 6] It is a figure showing the example in which application was added to shared 
management information. 

[Drawing 7] It is a figure showing the adding processing flow of shared access and application 
controlling information. 

[Drawing 8] It is a process flow figure explaining the procedure of shared access management. 
[Drawing 9] It is a figure explaining shared management information. 

[Drawing 10] lt is a figure explaining the shared management information which application has. 

[Drawing 11] lt is a figure showing the example which asks for shared access from client 
application. 

[Drawing 12] lt is a figure showing the example which stands as for an attested flag. 
[Drawing 13] lt is a figure showing the example which failed in shared access. 
[Drawing 14] It is a figure about ** in the example which adds application to shared 
management information. 

[Drawing 15] It is the figure of an example with which application was added to shared 
management information. 

[Drawing 16] lt is a figure showing the process flow of the 2nd working example. 

[Drawing 17] lt is a figure showing the process flow of the procedure of shared access 

management of the 2nd working example. 

[Explanations of letters or numerals] 

AID - Applications ID and TYPE ~ Access classification. 
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